We are testing Windows 2008 RemoteApp services. We have 2 needs. First, remote offices need access to a SQL application that can only run on the HQ LAN, so we are planning on utilizing RemoteApp. Second, remote offices also need access to network files to be able to open them on their local machine.
We started testing with using the same box for VPN and RDS. The idea is that the users connect via VPN so that they can access network files locally by mapping the network share. Then, to access the HQ application, they use RemoteApp. The W8K box sits behind the firewall with VPN ports forwarded. So far we have it set up so that the RemoteApp is only accessible when a VPN connection exists. Because we don't have two-factor authentication, VPN port access on the firewall is locked down to users' IP addresses. This controls what locations can use VPN, and since the RemoteApp only connects using a LAN machine name, this controls access to the application. Does this sound like the best method to address both issues?
I have read that, using the TS Gateway, RDP sessions can use a secured communications channel because traffic is encrypted over HTTPS (443). If I block 3389 on the firewall then the users cannot connect. Is this only a feature that works in conjunction with TSWEB? When a user connects using RDP (either through the VPN or without VPN) I see no 443 traffic. It would be nice to be able to create RDP sessions for RemoteApps without having to create a VPN connection. How can I be assured the traffic is being encrypted? I have used TCPView and Ethereal to view the traffic and I don't see 443 traffic using RDP to connect directly to the TS server.
Can a user access network files over RDP and open the file using their local application, or will we need VPN for that?
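One reason no 443 traffic shows up in a capture is that the RDP client only tunnels through TS Gateway when the connection (or the published .rdp file) names a gateway and sets the usage method to "always use"; otherwise mstsc opens a direct session to the TS host on 3389. The following script is an added example written for this post, not code from the original question or from Microsoft: it parses the `name:type:value` lines of an .rdp file and reports whether every session is forced through the gateway. It assumes the standard mstsc setting names (`full address`, `gatewayhostname`, `gatewayusagemethod`, `authentication level`), and the two embedded .rdp samples and their host names are constructed placeholders, not real systems.

```python
"""Inspect an .rdp / RemoteApp file and report whether the client will tunnel
through TS Gateway (HTTPS/443) or connect directly to the TS host on 3389.
Added example for this thread; setting names follow the standard mstsc file format."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the shape RemoteApp Manager publishes when a gateway is set.
# Host names are placeholders.
RDP_WITH_GATEWAY = """\
screen mode id:i:2
full address:s:ts01.hq.example.local
remoteapplicationmode:i:1
remoteapplicationprogram:s:||SQLApp
alternate shell:s:rdpinit.exe
gatewayhostname:s:gateway.example.com
gatewayusagemethod:i:1
gatewaycredentialssource:i:0
authentication level:i:2
"""

# Constructed sample: no gateway settings at all, so mstsc goes straight to 3389.
RDP_DIRECT = """\
screen mode id:i:2
full address:s:ts01.hq.example.local:3389
remoteapplicationmode:i:1
remoteapplicationprogram:s:||SQLApp
authentication level:i:0
"""


@dataclass
class GatewayCheck:
    target_host: str
    target_port: int
    gateway_host: Optional[str]
    usage_method: Optional[int]
    uses_gateway: bool            # True only when every session is forced via the gateway
    findings: List[str] = field(default_factory=list)


def parse_rdp(text: str) -> Dict[str, str]:
    """Parse 'name:type:value' lines into a dict (type tag is s, i or b)."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)  # the value may itself contain ':' (host:port)
        if len(parts) != 3 or parts[1] not in ("s", "i", "b"):
            continue                # not a well-formed setting line; skip it
        settings[parts[0].lower()] = parts[2]
    return settings


def check_gateway(settings: Dict[str, str]) -> GatewayCheck:
    """Decide from the parsed settings whether the client will use 443 via the gateway."""
    address = settings.get("full address", "")
    host, _, port = address.rpartition(":")
    if host and port.isdigit():
        target_host, target_port = host, int(port)
    else:
        target_host, target_port = address, 3389      # RDP default port

    gateway_host = settings.get("gatewayhostname") or None
    usage_raw = settings.get("gatewayusagemethod")
    usage = int(usage_raw) if usage_raw is not None and usage_raw.isdigit() else None

    findings: List[str] = []
    if gateway_host and usage == 1:                    # 1 = always use the gateway
        uses_gateway = True
        findings.append(f"all sessions tunnel through {gateway_host} over HTTPS/443; "
                        f"{target_host}:{target_port} is reached by the gateway, not the client")
    elif gateway_host and usage in (2, 4):             # fallback / bypass for local addresses
        uses_gateway = False
        findings.append(f"gateway is optional: a client that can reach "
                        f"{target_host}:{target_port} directly will not use 443")
    elif gateway_host and usage == 3:                  # defer to client default settings
        uses_gateway = False
        findings.append("gateway use depends on the client's own settings; not verifiable from the file")
    else:
        uses_gateway = False
        findings.append(f"no gateway configured: client connects directly to {target_host}:{target_port}")

    if settings.get("authentication level") == "0":    # 0 = connect even if server identity fails
        findings.append("authentication level 0: the client connects even when the server "
                        "certificate cannot be verified")
    return GatewayCheck(target_host, target_port, gateway_host, usage, uses_gateway, findings)


def assess(rdp_text: str) -> GatewayCheck:
    """Convenience wrapper: parse and check in one call."""
    return check_gateway(parse_rdp(rdp_text))


if __name__ == "__main__":
    for label, sample in (("with gateway", RDP_WITH_GATEWAY), ("direct", RDP_DIRECT)):
        result = assess(sample)
        print(f"[{label}] uses_gateway={result.uses_gateway}")
        for f in result.findings:
            print("   -", f)
```

Run it against the .rdp file that RemoteApp Manager published for the SQL application; if the report says "no gateway configured", the client is connecting straight to the TS host on 3389 and no 443 traffic will appear in Ethereal regardless of the firewall rule.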